Changes since version 1.8-dev2 : Adis Nezirovic (1): BUG/MINOR: lua: Fix bitwise logic for hlua_server_check_* functions. Christopher Faulet (25): BUG/MINOR: buffers: Fix bi/bo_contig_space to handle full buffers BUG/MINOR: acls: Set the right refflag when patterns are loaded from a map BUG/MINOR: ssl: Be sure that SSLv3 connection methods exist for openssl < 1.1.0 BUG/MINOR: http/filters: Be sure to wait if a filter loops in HTTP_MSG_ENDING BUG/MINOR: cfgparse: Check if tune.http.maxhdr is in the range 1..32767 MINOR: queue: Change pendconn_get_next_strm into private function MINOR: backends: Change get_server_sh/get_server_uh into private function MINOR: queue: Change pendconn_from_srv/pendconn_from_px into private functions BUG/MAJOR: compression: Be sure to release the compression state in all cases MINOR: compression: Use a memory pool to allocate compression states BUG/MINOR: stream: Don't forget to remove CF_WAKE_ONCE flag on response channel BUG/MINOR: http: Don't reset the transaction if there are still data to send BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both channels BUG/MINOR: http: Set the response error state in http_sync_res_state MINOR: http: Reorder/rewrite checks in http_resync_states MINOR: http: Switch requests/responses in TUNNEL mode only by checking txn flags BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body length is undefined MINOR: http: Rely on analyzers mask to end processing in forward_body functions BUG/MINOR: http: Fix bug introduced in previous patch in http_resync_states BUG/MAJOR: http: Fix possible infinity loop in http_sync_(req|res)_state MINOR: samples: Handle the type SMP_T_METH when we duplicate a sample in smp_dup MINOR: samples: Handle the type SMP_T_METH in smp_is_safe and smp_is_rw MINOR: samples: Don't allocate memory for SMP_T_METH sample when method is known BUG/MINOR: ssl: Fix check against SNI during server certificate verification BUG/MEDIUM: ssl: Fix regression about certificates generation David Carlier (4): BUG/MINOR: haproxy/cli : fix for solaris/illumos distros for CMSG* macros BUG/MINOR: contrib/modsecurity: BSD build fix BUG/MINOR: contrib/mod_defender: build fix MINOR: memory: remove macros Emeric Brun (12): BUG/MAJOR: ssl: fix segfault on connection close using async engines. BUG/MAJOR: ssl: buffer overflow using offloaded ciphering on async engine BUG/MINOR: ssl: do not call directly the conn_fd_handler from async_fd_handler BUG/MINOR: stream: flag TASK_WOKEN_RES not set if task in runqueue MAJOR: task: task scheduler rework. MINOR: task/stream: tasks related to a stream must be init by the caller. MAJOR: applet: applet scheduler rework. BUG/MAJOR: cli: fix custom io_release was crushed by NULL. BUG/MAJOR: map: fix segfault during 'show map/acl' on cli. BUG/MAJOR: applet: fix a freeze if data is immedately forwarded. BUG/MEDIUM: map/acl: fix unwanted flags inheritance. BUG/MAJOR: http: fix buffer overflow on loguri buffer. Emmanuel Hocdet (8): REORG: ssl: move defines and methodVersions table upper MEDIUM: ssl: ctx_set_version/ssl_set_version func for methodVersions table MINOR: ssl: support ssl-min-ver and ssl-max-ver with crt-list MEDIUM: ssl: disable SSLv3 per default for bind BUG/MINOR: ssl: remove haproxy SSLv3 support when ssl lib have no SSLv3 MINOR: ssl: remove an unecessary SSL_OP_NO_* dependancy BUILD: ssl: fix compatibility with openssl without TLSEXT_signature_* MINOR: ssl: add "no-ca-names" parameter for bind Frédéric Lécaille (6): CONTRIB: plug qdiscs: Plug queuing disciplines mini HOWTO. BUG/MEDIUM: peers: Peers CLOSE_WAIT issue. BUG/MAJOR: server: Segfault after parsing server state file. BUG/MINOR: Wrong peer task expiration handling during synchronization processing. MINOR: peers: Add additional information to stick-table definition messages. BUG/MINOR: peers: peer synchronization issue (with several peers sections). Jarno Huuskonen (1): DOC: fix references to the section about time format. Nan Liu (1): BUG/MINOR: Makefile: fix compile error with USE_LUA=1 in ubuntu16.04 Nenad Merdanovic (2): BUG/MINOR: lua: Fix Server.get_addr() port values BUG/MINOR: lua: Correctly use INET6_ADDRSTRLEN in Server.get_addr() Olivier Houchard (1): BUG/MINOR: Prevent a use-after-free on error scenario on option "-x". Thierry FOURNIER (8): BUG/MINOR: lua: In error case, the safe mode is not removed BUG/MINOR: lua: executes the function destroying the Lua session in safe mode BUG/MAJOR: lua/socket: resources not detroyed when the socket is aborted BUG/MEDIUM: lua: bad memory access BUG/MINOR: Lua: variable already initialized MINOR: lua: Add proxy as member of proxy object. DOC: lua: Proxy class doc update MINOR: lua: Add lists of frontends and backends William Lallemand (7): BUG/MEDIUM: build without openssl broken BUG/MINOR: warning: ‘need_resend’ may be used uninitialized BUG/MEDIUM: misplaced exit and wrong exit code BUG/MEDIUM: fix segfault when no argument to -x option MINOR: warning on multiple -x MINOR: mworker: don't copy -x argument anymore in copy_argv() BUG/MEDIUM: mworker: don't reuse PIDs passed to the master Willy Tarreau (36): BUILD: scripts: make publish-release support bare repositories BUILD: scripts: add an automatic mode for publish-release BUILD: scripts: add a "quiet" mode to publish-release BUG/MAJOR: http: call manage_client_side_cookies() before erasing the buffer BUG/MEDIUM: unix: never unlink a unix socket from the file system scripts: create-release pass -n to tail SCRIPTS: create-release: enforce GIT_COMMITTER_{NAME|EMAIL} validity BUG/MINOR: log: pin the front connection when front ip/ports are logged DOC: fix references to the section about the unix socket MEDIUM: stream: make stream_new() always set the target and analysers MINOR: frontend: initialize HTTP layer after the debugging code MINOR: connection: add a .get_alpn() method to xprt_ops MINOR: ssl: add a get_alpn() method to ssl_sock MINOR: frontend: retrieve the ALPN name when available MINOR: frontend: report the connection's ALPN in the debug output MINOR: stream: don't set backend's nor response analysers on SF_TUNNEL MINOR: connection: send data before receiving BUG/MAJOR: frontend: don't dereference a null conn on outgoing connections MINOR: ssl: compare server certificate names to the SNI on outgoing connections BUG/MINOR: http: properly handle all 1xx informational responses OPTIM: ssl: don't consider a small ssl_read() as an indication of end of buffer CLEANUP: hdr_idx: make some function arguments const where possible DOC: update CONTRIBUTING regarding optional parts and message format DOC: update the list of OpenSSL versions in the README MINOR: tools: add a portable timegm() alternative BUILD: lua: replace timegm() with my_timegm() to fix build on Solaris 10 BUG/MINOR: lua: always detach the tcp/http tasks before freeing them MINOR: task: always preinitialize the task's timeout in task_init() CLEANUP: task: remove all initializations to TICK_ETERNITY after task_new() BUG/MAJOR: lua: properly dequeue hlua_applet_wakeup() for new scheduler BUG/MINOR: ssl: make use of the name in SNI before verifyhost MINOR: ssl: add a new error codes for wrong server certificates BUG/MEDIUM: stream: don't retry SSL connections which fail the SNI name check DOC: fix alphabetical order of "show commands" in management.txt MINOR: listener: add a function to return a listener's state as a string MINOR: cli: add a new "show fd" command ben51degrees (1): DOC: Updated 51Degrees git URL to point to a stable version.